Gentoo Archives: gentoo-hardened

From: Mikey <mikey@×××××××××××.com>
To: gentoo-hardened@l.g.o
Subject: [gentoo-hardened] Stupid Hardened Questions
Date: Fri, 17 Mar 2006 05:04:16
Message-Id: 200603162302.20007.mikey@badpenguins.com
I have decided to take the hardened profile for a spin on a couple of my
edge servers. I grabbed stage1-x86-hardened-2.6-2006.0.tar.bz2, verified
the profile was set to profiles/hardened/x86/2.6/, did my bootstrap and
emerge -e system. Everything looks to have gone ok.

What I am curious about is the fact that I didn't really notice any special
CFLAGS being used while everything was compiling. Various documents tell
me it is transparent, that the settings are read from the gcc spec file.
Should I not be seeing cflags specific to hardened settings while
everything is compiling?

gcc-config -l shows:

[1] i686-pc-linux-gnu-3.4.5 *
[2] i686-pc-linux-gnu-3.4.5-hardenednopie
[3] i686-pc-linux-gnu-3.4.5-hardenednopiessp
[4] i686-pc-linux-gnu-3.4.5-hardenednossp
[5] i686-pc-linux-gnu-3.4.5-vanilla

When I look in /etc/env.d/05gcc, nothing is set for GCC_SPECS:

PATH="/usr/i686-pc-linux-gnu/gcc-bin/3.4.5"
ROOTPATH="/usr/i686-pc-linux-gnu/gcc-bin/3.4.5"
MANPATH="/usr/share/gcc-data/i686-pc-linux-gnu/3.4.5/man"
INFOPATH="/usr/share/gcc-data/i686-pc-linux-gnu/3.4.5/info"
LDPATH="/usr/lib/gcc/i686-pc-linux-gnu/3.4.5"
GCC_SPECS=""

/etc/env.d/gcc/config points to i686-pc-linux-gnu-3.4.5, which contains:

PATH="/usr/i686-pc-linux-gnu/gcc-bin/3.4.5"
ROOTPATH="/usr/i686-pc-linux-gnu/gcc-bin/3.4.5"
LDPATH="/usr/lib/gcc/i686-pc-linux-gnu/3.4.5"
GCCBITS="32"
MANPATH="/usr/share/gcc-data/i686-pc-linux-gnu/3.4.5/man"
INFOPATH="/usr/share/gcc-data/i686-pc-linux-gnu/3.4.5/info"
STDCXX_INCDIR="g++-v3"

When I look at some of the other config files such as
i686-pc-linux-gnu-3.4.5-hardenednopie, it defines a GCC_SPECS file:

PATH="/usr/i686-pc-linux-gnu/gcc-bin/3.4.5"
ROOTPATH="/usr/i686-pc-linux-gnu/gcc-bin/3.4.5"
LDPATH="/usr/lib/gcc/i686-pc-linux-gnu/3.4.5"
GCCBITS="32"
MANPATH="/usr/share/gcc-data/i686-pc-linux-gnu/3.4.5/man"
INFOPATH="/usr/share/gcc-data/i686-pc-linux-gnu/3.4.5/info"
STDCXX_INCDIR="g++-v3"
GCC_SPECS="/usr/lib/gcc/i686-pc-linux-gnu/3.4.5/hardenednopie.specs"

So I guess my question is - how do I know everything is actually being
compiled with the hardened specific flags? A diff
on /usr/lib/gcc/i686-pc-linux-gnu/3.4.5/specs and hardened.specs shows no
differences, is it safe to assume the default specs file is being used even
though it is not being set anywhere in the environment?
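
One way to check the result on the built binaries rather than in the build output, as an added example that is not part of the original message: a PIE build shows up as ELF type ET_DYN, and stack-protector instrumentation leaves a handler symbol name in the file. The function names, the marker list and the sample ELF bytes are constructed for this illustration.

```python
import struct

ET_EXEC, ET_DYN = 2, 3
# Symbol names left behind by stack-protector instrumentation (assumption:
# ProPolice-patched GCC 3.x emits the first, GCC 4.1 and later the second).
SSP_MARKERS = (b"__stack_smash_handler", b"__stack_chk_fail")

def check_elf(data: bytes) -> dict:
    """Report PIE and SSP evidence for one ELF image given as bytes."""
    if len(data) < 18 or data[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    # e_ident[EI_DATA] at offset 5: 1 = little endian, 2 = big endian
    endian = "<" if data[5] == 1 else ">"
    (e_type,) = struct.unpack_from(endian + "H", data, 16)
    return {
        # ET_DYN means position independent: a PIE executable or a shared object
        "pie": e_type == ET_DYN,
        # A missing marker is not proof of absence (code without protected
        # functions references no handler); a present marker is positive evidence.
        "ssp": any(marker in data for marker in SSP_MARKERS),
    }

def sample_elf(e_type: int, payload: bytes = b"") -> bytes:
    """Constructed 32-bit little-endian ELF header prefix, for the demo only."""
    ident = b"\x7fELF" + bytes([1, 1, 1]) + bytes(9)  # ELFCLASS32, LSB, version 1
    return ident + struct.pack("<HH", e_type, 3) + payload  # e_machine 3 = EM_386

def audit(paths):
    """Check real files; None marks unreadable or non-ELF entries (scripts etc.)."""
    results = {}
    for path in paths:
        try:
            with open(path, "rb") as handle:
                results[path] = check_elf(handle.read())
        except (OSError, ValueError):
            results[path] = None
    return results

if __name__ == "__main__":
    import sys
    for path, result in audit(sys.argv[1:]).items():
        print(path, result)
```

Run it against a directory of installed binaries (for example by passing /bin/* as arguments) and compare the output with a build made under the vanilla gcc-config profile.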

Replies

Subject Author
Re: [gentoo-hardened] Stupid Hardened Questions "Kevin F. Quinn (Gentoo)" <kevquinn@g.o>
Re: [gentoo-hardened] Stupid Hardened Questions Mike Frysinger <vapier@g.o>